BUG? a possible bug at rename_volumes()
홍신 shin hong
hongshin at gmail.com
Thu Sep 10 03:32:27 EDT 2009
Hello. I am reporting a possible bug at rename_volumes()
in drivers/mtd/ubi/cdev.c of Linux 2.6.30.5.
I hope that this report would be helpful.
Please examine this report, and let me know your opinion.
rename_volumes() first allocates a ubi_rename_entry variable (at line 801)
and initializes the variable (line 808~809).
And then the function links the variable to the rename_list.
However, it seems that the execution order of the initialization and the linking
to the list might be possibly changed by re-ordering because there is no
memory barrier between them.
And this undesirable re-ordering might result race condition
so that other concurrent threads can read uninitialized value.
I think this is a subtle problem and it might be realistic.
But please examine the report and let me know your opinion.
Thank you.
Sincerely
Shin Hong
More information about the linux-mtd
mailing list